On September 4, 2012, FireEye released its Advanced Threat Report 1H 2012. The report had five key findings.
- The amount of malware that is by-passing traditional malware defenses is exploding.
- Some industries are being attacked more than others.
- Email based attacks use both malicious attachments and malicious links, favoring the methods that most effectively evade detection at any given time.
- The use of throw-away domains to send spearphishing emails is becoming the prevalent attack profile.
- Cybercriminals are changing the malware delivered in malicious attachments more quickly in order to avoid detection.
While all of these trends are alarming, let us focus on the fourth trend — the use of throw-away domains.
(click to enlarge)
The predominate email attack profile is now a single use domain created specifically for that attack. This method of attack renders reputation and blacklist based defenses useless because the attacking domain — having been created for the attack and then abandoned – will not have a reputation and will not be on any blacklists.
How can you defend against a domain that evades reputation and blacklist defenses? By adopting SP Guard from Iconix. SP Guard provides the ability to distinguish real email from spearphishing attacks using methods that do not rely on reputation or blacklists. Click here to learn more. You can contact us at 408-727-6342, ext 3 or use our online form.